Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. An authority transfer system, which includes a terminal, a server that provides a service via a network, and a client that uses the service, the authority transfer system comprising: an authentication unit configured to determine, based on authentication information input by a user via an authentication screen displayed on the terminal, whether the user is an authorized user; an issuance unit configured to, in a case where the user determined by the authentication unit to be an authorized user has performed, via an authorization screen displayed on the terminal, an authorization operation to permit an authority of the user in the service to be transferred to the client provided in the terminal, issue authorization information indicating that the authority of the user has been transferred to the client; an authorization unit configured to authorize the client to use the service by the authority of the user based on the authorization information, which the terminal transmits to the client when the client makes a request to use the service; and a checking unit configured to check with the user whether to perform, on a tenant to which the user who has been determined by the authentication unit to be an authorized user belongs, a setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information corresponding to the client is issued without the additional user performing the authorization operation, wherein, in response to the user performing the setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information is issued without the additional user performing the authorization operation, the authorization unit authorizes the additional user to use the service without performing the authorization operation when the additional user uses the service via the client provided in the terminal wherein in a case where the terminal that the user uses is not a terminal in which common setting has been set, the checking unit checks with the user whether to perform, on the user who has been determined by the authentication unit to be an authorized user, a setting such that, when the user uses the service via a client provided in an additional terminal, the authorization information corresponding to the client provided in the additional terminal is issued without the user performing the authorization operation.
An authority transfer system provides service access to users and their tenants. It includes a terminal, server, and client application. The system authenticates a user, and if authorized, allows the user to grant authority to the client application on the terminal. This generates authorization information. When the client requests service access, it uses this authorization, bypassing further user authorization. The system asks the user if future users from their tenant on this terminal should automatically inherit authorization. If approved, subsequent tenant users on the same terminal gain service access without individual authorization. If the terminal is not a "common setting" terminal, the system prompts the user to set up automatic authorization for themselves on *other* terminals.
2. The authority transfer system according to claim 1 , wherein, in response to the user performing the setting such that when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information is issued without the additional user performing the authorization operation, and to, when the additional user uses the service via a client provided in an additional terminal, authorization information corresponding to the client provided in the additional terminal having already been issued by the issuance unit according to the authorization operation performed by the additional user, the authorization unit authorizes the additional user to use the service without performing the authorization operation when the additional user uses the service via the terminal.
The authority transfer system from the previous description (which authenticates a user, allows them to grant authority to a client application on a terminal, and then prompts for automatic authorization for other users of their tenant on that terminal) also handles cases where a new tenant user has *already* authorized a client on a *different* terminal. If that's the case, and the user has enabled automatic authorization for their tenant on the current terminal, the new tenant user is granted access without re-authorization on the current terminal, even if they already authorized on another terminal.
3. The authority transfer system according to claim 1 , further comprising a determination unit configured to determine whether a type of the terminal that the user uses is a common setting terminal in which common setting is set, wherein, in a case where the determination unit determines that the type of the terminal is the common setting terminal, the checking unit checks with the user whether to perform, on a tenant to which the user who has been determined by the authentication unit to be an authorized user belongs, a setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information corresponding to the client is issued without the additional user performing the authorization operation.
The authority transfer system described earlier (which handles authentication, authorization transfer, and tenant-wide auto-authorization) first determines if the terminal is a "common setting" terminal. If it's deemed a common terminal type, the system asks the authorizing user if future users from the same tenant on this terminal should be automatically authorized. If the terminal is *not* a common type, the auto-authorization settings check is handled by claim 1.
4. The authority transfer system according to claim 1 , further comprising a management unit configured to, in response to the checking unit checking that a setting has been performed on the tenant such that the authorization information is issued without an additional user belonging to the tenant performing the authorization operation, manage a client identifier for identifying the client provided in the terminal and an identifier of the tenant specified based on an identifier of the user who has been determined by the authentication unit to be an authorized user while associating the client identifier and the identifier of the tenant with each other, wherein the authorization unit specifies an identifier of the additional user based on authentication information input by the additional user, and, in response to an identifier of the terminal that the additional user uses being associated with the identifier of the tenant associated with the specified identifier of the additional user, authorizes the additional user to use the service without performing the authorization operation when the additional user uses the service via the terminal.
The authority transfer system from the claim 1 (that handles authentication, authorization transfer, and tenant-wide auto-authorization) includes a management component. When a user enables automatic authorization for their tenant, the system links the client application's ID on that terminal with the tenant's ID. Later, when a new user from the same tenant attempts access, the system finds the tenant ID based on their authentication. If the terminal they're using is linked to that tenant ID, the new user gains access automatically, bypassing authorization. The system manages client IDs and tenant IDs to streamline access for subsequent users from the same tenant on a pre-authorized terminal.
5. A method executed by an authority transfer system, which includes a terminal, a server that provides a service via a network, and a client that uses the service, the method comprising: determining, based on authentication information input by a user via an authentication screen displayed on the terminal, whether the user is an authorized user; issuing, in a case where the user determined to be an authorized user has performed, via an authorization screen displayed on the terminal, an authorization operation to permit an authority of the user in the service to be transferred to the client provided in the terminal, authorization information indicating that the authority of the user has been transferred to the client; authorizing the client to use the service by the authority of the user based on the authorization information, which the terminal transmits to the client when the client makes a request to use the service; checking with the user whether to perform, on a tenant to which the user who has been determined to be an authorized user belongs, a setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information corresponding to the client is issued without the additional user performing the authorization operation; and authorizing, in response to the user performing the setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information is issued without the additional user performing the authorization operation, the additional user to use the service without performing the authorization operation when the additional user uses the service via the client provided in the terminal, wherein in a case where the terminal that the user uses is not a terminal in which common setting has been set, checking with the user whether to perform, on the user who has been determined to be an authorized user, a setting such that, when the user uses the service via a client provided in an additional terminal, the authorization information corresponding to the client provided in the additional terminal is issued without the user performing the authorization operation.
An authority transfer method performed by a system including a terminal, server and client application. The method authenticates a user. If authorized, the user can grant authority to the client application on the terminal. This generates authorization information. The client then uses this information to access the service. The method checks with the user if future users from their tenant using the same terminal should be automatically authorized. If they agree, future tenant users gain access without needing separate authorization steps. If the terminal isn't designated a "common setting" terminal, the system prompts the user to also enable automatic authorization for *themselves* on *other* terminals.
6. The method according to claim 5 , further comprising authorizing, in response to the user performing the setting such that when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information is issued without the additional user performing the authorization operation, and to, when the additional user uses the service via a client provided in an additional terminal, authorization information corresponding to the client provided in the additional terminal having already been issued according to the authorization operation performed by the additional user, the additional user to use the service without performing the authorization operation when the additional user uses the service via the terminal.
The method described previously (which handles authentication, authorization transfer, and tenant-wide auto-authorization) also handles the case where a new user has *already* authorized a client on a *different* terminal. If the user has enabled automatic authorization for their tenant, the new tenant user is granted access without re-authorization on the current terminal, even if they already authorized on another terminal.
7. The method according to claim 5 , further comprising: determining whether a type of the terminal that the user uses is a common setting terminal in which common setting is set; and checking, in a case where it is determined that the type of the terminal is the common setting terminal, with the user whether to perform, on a tenant to which the user who has been determined to be an authorized user belongs, a setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information corresponding to the client is issued without the additional user performing the authorization operation.
The method described in claim 5 (which handles authentication, authorization transfer, and tenant-wide auto-authorization) first determines if the terminal is a "common setting" terminal. If so, the method proceeds to check with the authorizing user whether to automatically authorize all future users of the same tenant on this terminal.
8. The method according to claim 7 , further comprising checking, in a case where it is determined that the type of the terminal is not the common setting terminal, with the user whether to perform, on the user who has been determined to be an authorized user, a setting such that, when the user uses the service via a client provided in an additional terminal, the authorization information corresponding to the client provided in the additional terminal is issued without the user performing the authorization operation.
Expanding on the method from claim 7, (which determines the terminal type and then prompts for auto-authorization), if the terminal is *not* a common setting terminal, the method prompts the user to enable automatic authorization for *themselves* on *other* terminals.
9. The method according to claim 5 , further comprising: managing, in response to checking that a setting has been performed on the tenant such that the authorization information is issued without an additional user belonging to the tenant performing the authorization operation, a client identifier for identifying the client provided in the terminal and an identifier of the tenant specified based on an identifier of the user who has been determined to be an authorized user while associating the client identifier and the identifier of the tenant with each other; and specifying an identifier of the additional user based on authentication information input by the additional user, and, authorizing, in response to an identifier of the terminal that the additional user uses being associated with the identifier of the tenant associated with the specified identifier of the additional user, the additional user to use the service without performing the authorization operation when the additional user uses the service via the terminal.
The method described in claim 5 (which handles authentication, authorization transfer, and tenant-wide auto-authorization) then manages a client application ID and tenant ID pairing when a user enables automatic authorization for their tenant. Later, when a new user from the same tenant tries to access, the method specifies the tenant ID using the new user's credentials. If the terminal ID is linked to the tenant ID, that user automatically gains access without needing authorization. The method relies on this tenant/terminal ID pairing.
10. A non-transitory computer-readable storage medium storing computer executable instructions that cause a computer to execute a method for an authority transfer system, which includes a terminal, a server that provides a service via a network, and a client that uses the service, the method comprising: determining, based on authentication information input by a user via an authentication screen displayed on the terminal, whether the user is an authorized user; issuing, in a case where the user determined to be an authorized user has performed, via an authorization screen displayed on the terminal, an authorization operation to permit an authority of the user in the service to be transferred to the client provided in the terminal, authorization information indicating that the authority of the user has been transferred to the client; authorizing the client to use the service by the authority of the user based on the authorization information, which the terminal transmits to the client when the client makes a request to use the service; checking with the user whether to perform, on a tenant to which the user who has been determined to be an authorized user belongs, a setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information corresponding to the client is issued without the additional user performing the authorization operation; and authorizing, in response to the user performing the setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information is issued without the additional user performing the authorization operation, the additional user to use the service without performing the authorization operation when the additional user uses the service via the client provided in the terminal, wherein in a case where the terminal that the user uses is not a terminal in which common setting has been set, checking with the user whether to perform, on the user who has been determined to be an authorized user, a setting such that, when the user uses the service via a client provided in an additional terminal, the authorization information corresponding to the client provided in the additional terminal is issued without the user performing the authorization operation.
A storage medium containing instructions for a system that handles authentication and authorization for users and their tenants. The system authenticates a user. If authorized, the user can grant authority to the client application on the terminal. This creates authorization information. The client application uses this information to access the service. The instructions also cause the system to prompt the authorizing user to allow future users from the same tenant on this terminal to be automatically authorized. If the user allows, subsequent tenant users gain access without extra steps. If the terminal is *not* a "common setting" terminal, the instructions also prompt the user to enable automatic authorization for *themselves* on *other* terminals.
11. The non-transitory computer-readable storage medium according to claim 10 , wherein the method further comprises authorizing, in response to the user performing the setting such that when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information is issued without the additional user performing the authorization operation, and to, when the additional user uses the service via a client provided in an additional terminal, authorization information corresponding to the client provided in the additional terminal having already been issued according to the authorization operation performed by the additional user, the additional user to use the service without performing the authorization operation when the additional user uses the service via the terminal.
The storage medium from the previous description (which implements authentication, authorization transfer, and tenant-wide auto-authorization) additionally handles cases where the new user already authorized a different client on a different terminal. If automatic authorization is enabled, the user is authorized on the current terminal without needing to re-authorize, even if they previously authorized elsewhere.
12. The non-transitory computer-readable storage medium according to claim 10 , wherein the method further comprises: determining whether a type of the terminal that the user uses is a common setting terminal in which common setting is set; and checking, in a case where it is determined that the type of the terminal is the common setting terminal, with the user whether to perform, on a tenant to which the user who has been determined to be an authorized user belongs, a setting such that, when an additional user belonging to the tenant uses the service via the client provided in the terminal, the authorization information corresponding to the client is issued without the additional user performing the authorization operation.
The storage medium described in claim 10 (which handles authentication, authorization transfer, and tenant-wide auto-authorization) stores instructions that cause the system to determine if the terminal is a "common setting" terminal. If the terminal *is* a common terminal, the user is prompted to allow future tenant users on this terminal to be automatically authorized.
13. The non-transitory computer-readable storage medium according to claim 12 , wherein the method further comprises checking, in a case where it is determined that the type of the terminal is not the common setting terminal, with the user whether to perform, on the user who has been determined to be an authorized user, a setting such that, when the user uses the service via a client provided in an additional terminal, the authorization information corresponding to the client provided in the additional terminal is issued without the user performing the authorization operation.
Expanding on the storage medium described in claim 12 (which checks terminal type before prompting for auto-authorization), if the terminal is *not* considered a "common setting" terminal, the system prompts the user to enable automatic authorization for *themselves* on *other* terminals.
14. The non-transitory computer-readable storage medium according to claim 10 , wherein the method further comprises: managing, in response to checking that a setting has been performed on the tenant such that the authorization information is issued without an additional user belonging to the tenant performing the authorization operation, a client identifier for identifying the client provided in the terminal and an identifier of the tenant specified based on an identifier of the user who has been determined to be an authorized user while associating the client identifier and the identifier of the tenant with each other; and specifying an identifier of the additional user based on authentication information input by the additional user, and, authorizing, in response to an identifier of the terminal that the additional user uses being associated with the identifier of the tenant associated with the specified identifier of the additional user, the additional user to use the service without performing the authorization operation when the additional user uses the service via the terminal.
The storage medium from claim 10 (which handles authentication, authorization transfer, and tenant-wide auto-authorization) stores instructions to manage client application IDs and tenant IDs. When a user allows automatic authorization for their tenant, the medium causes the system to store a linked ID. Later, when a new user from the same tenant attempts to access, their tenant ID is specified based on credentials. If the terminal ID is associated with the tenant ID, the new user automatically gains access.
Unknown
October 3, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.